1/* 2 * This program is free software; you can redistribute it and/or modify 3 * it under the terms of the GNU General Public License as published by 4 * the Free Software Foundation; either version 2 of the License, or 5 * (at your option) any later version. 6 * 7 * This program is distributed in the hope that it will be useful, 8 * but WITHOUT ANY WARRANTY; without even the implied warranty of 9 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 10 * GNU General Public License for more details. 11 * 12 * You should have received a copy of the GNU General Public License 13 * along with this program; if not, write to the Free Software 14 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. 15 * 16 * Copyright (C) IBM Corporation, 2005 17 * Jeff Muizelaar, 2006, 2007 18 * Pekka Paalanen, 2008 <pq@iki.fi> 19 * 20 * Derived from the read-mod example from relay-examples by Tom Zanussi. 21 */ 22 23#define pr_fmt(fmt) "mmiotrace: " fmt 24 25#define DEBUG 1 26 27#include <linux/module.h> 28#include <linux/debugfs.h> 29#include <linux/slab.h> 30#include <linux/uaccess.h> 31#include <linux/io.h> 32#include <linux/kallsyms.h> 33#include <asm/pgtable.h> 34#include <linux/mmiotrace.h> 35#include <asm/e820.h> /* for ISA_START_ADDRESS */ 36#include <linux/atomic.h> 37#include <linux/percpu.h> 38#include <linux/cpu.h> 39 40#include "pf_in.h" 41 42struct trap_reason { 43 unsigned long addr; 44 unsigned long ip; 45 enum reason_type type; 46 int active_traces; 47}; 48 49struct remap_trace { 50 struct list_head list; 51 struct kmmio_probe probe; 52 resource_size_t phys; 53 unsigned long id; 54}; 55 56/* Accessed per-cpu. */ 57static DEFINE_PER_CPU(struct trap_reason, pf_reason); 58static DEFINE_PER_CPU(struct mmiotrace_rw, cpu_trace); 59 60static DEFINE_MUTEX(mmiotrace_mutex); 61static DEFINE_SPINLOCK(trace_lock); 62static atomic_t mmiotrace_enabled; 63static LIST_HEAD(trace_list); /* struct remap_trace */ 64 65/* 66 * Locking in this file: 67 * - mmiotrace_mutex enforces enable/disable_mmiotrace() critical sections. 68 * - mmiotrace_enabled may be modified only when holding mmiotrace_mutex 69 * and trace_lock. 70 * - Routines depending on is_enabled() must take trace_lock. 71 * - trace_list users must hold trace_lock. 72 * - is_enabled() guarantees that mmio_trace_{rw,mapping} are allowed. 73 * - pre/post callbacks assume the effect of is_enabled() being true. 74 */ 75 76/* module parameters */ 77static unsigned long filter_offset; 78static bool nommiotrace; 79static bool trace_pc; 80 81module_param(filter_offset, ulong, 0); 82module_param(nommiotrace, bool, 0); 83module_param(trace_pc, bool, 0); 84 85MODULE_PARM_DESC(filter_offset, "Start address of traced mappings."); 86MODULE_PARM_DESC(nommiotrace, "Disable actual MMIO tracing."); 87MODULE_PARM_DESC(trace_pc, "Record address of faulting instructions."); 88 89static bool is_enabled(void) 90{ 91 return atomic_read(&mmiotrace_enabled); 92} 93 94static void print_pte(unsigned long address) 95{ 96 unsigned int level; 97 pte_t *pte = lookup_address(address, &level); 98 99 if (!pte) { 100 pr_err("Error in %s: no pte for page 0x%08lx\n", 101 __func__, address); 102 return; 103 } 104 105 if (level == PG_LEVEL_2M) { 106 pr_emerg("4MB pages are not currently supported: 0x%08lx\n", 107 address); 108 BUG(); 109 } 110 pr_info("pte for 0x%lx: 0x%llx 0x%llx\n", 111 address, 112 (unsigned long long)pte_val(*pte), 113 (unsigned long long)pte_val(*pte) & _PAGE_PRESENT); 114} 115 116/* 117 * For some reason the pre/post pairs have been called in an 118 * unmatched order. Report and die. 119 */ 120static void die_kmmio_nesting_error(struct pt_regs *regs, unsigned long addr) 121{ 122 const struct trap_reason *my_reason = &get_cpu_var(pf_reason); 123 pr_emerg("unexpected fault for address: 0x%08lx, last fault for address: 0x%08lx\n", 124 addr, my_reason->addr); 125 print_pte(addr); 126 print_symbol(KERN_EMERG "faulting IP is at %s\n", regs->ip); 127 print_symbol(KERN_EMERG "last faulting IP was at %s\n", my_reason->ip); 128#ifdef __i386__ 129 pr_emerg("eax: %08lx ebx: %08lx ecx: %08lx edx: %08lx\n", 130 regs->ax, regs->bx, regs->cx, regs->dx); 131 pr_emerg("esi: %08lx edi: %08lx ebp: %08lx esp: %08lx\n", 132 regs->si, regs->di, regs->bp, regs->sp); 133#else 134 pr_emerg("rax: %016lx rcx: %016lx rdx: %016lx\n", 135 regs->ax, regs->cx, regs->dx); 136 pr_emerg("rsi: %016lx rdi: %016lx rbp: %016lx rsp: %016lx\n", 137 regs->si, regs->di, regs->bp, regs->sp); 138#endif 139 put_cpu_var(pf_reason); 140 BUG(); 141} 142 143static void pre(struct kmmio_probe *p, struct pt_regs *regs, 144 unsigned long addr) 145{ 146 struct trap_reason *my_reason = &get_cpu_var(pf_reason); 147 struct mmiotrace_rw *my_trace = &get_cpu_var(cpu_trace); 148 const unsigned long instptr = instruction_pointer(regs); 149 const enum reason_type type = get_ins_type(instptr); 150 struct remap_trace *trace = p->private; 151 152 /* it doesn't make sense to have more than one active trace per cpu */ 153 if (my_reason->active_traces) 154 die_kmmio_nesting_error(regs, addr); 155 else 156 my_reason->active_traces++; 157 158 my_reason->type = type; 159 my_reason->addr = addr; 160 my_reason->ip = instptr; 161 162 my_trace->phys = addr - trace->probe.addr + trace->phys; 163 my_trace->map_id = trace->id; 164 165 /* 166 * Only record the program counter when requested. 167 * It may taint clean-room reverse engineering. 168 */ 169 if (trace_pc) 170 my_trace->pc = instptr; 171 else 172 my_trace->pc = 0; 173 174 /* 175 * XXX: the timestamp recorded will be *after* the tracing has been 176 * done, not at the time we hit the instruction. SMP implications 177 * on event ordering? 178 */ 179 180 switch (type) { 181 case REG_READ: 182 my_trace->opcode = MMIO_READ; 183 my_trace->width = get_ins_mem_width(instptr); 184 break; 185 case REG_WRITE: 186 my_trace->opcode = MMIO_WRITE; 187 my_trace->width = get_ins_mem_width(instptr); 188 my_trace->value = get_ins_reg_val(instptr, regs); 189 break; 190 case IMM_WRITE: 191 my_trace->opcode = MMIO_WRITE; 192 my_trace->width = get_ins_mem_width(instptr); 193 my_trace->value = get_ins_imm_val(instptr); 194 break; 195 default: 196 { 197 unsigned char *ip = (unsigned char *)instptr; 198 my_trace->opcode = MMIO_UNKNOWN_OP; 199 my_trace->width = 0; 200 my_trace->value = (*ip) << 16 | *(ip + 1) << 8 | 201 *(ip + 2); 202 } 203 } 204 put_cpu_var(cpu_trace); 205 put_cpu_var(pf_reason); 206} 207 208static void post(struct kmmio_probe *p, unsigned long condition, 209 struct pt_regs *regs) 210{ 211 struct trap_reason *my_reason = &get_cpu_var(pf_reason); 212 struct mmiotrace_rw *my_trace = &get_cpu_var(cpu_trace); 213 214 /* this should always return the active_trace count to 0 */ 215 my_reason->active_traces--; 216 if (my_reason->active_traces) { 217 pr_emerg("unexpected post handler"); 218 BUG(); 219 } 220 221 switch (my_reason->type) { 222 case REG_READ: 223 my_trace->value = get_ins_reg_val(my_reason->ip, regs); 224 break; 225 default: 226 break; 227 } 228 229 mmio_trace_rw(my_trace); 230 put_cpu_var(cpu_trace); 231 put_cpu_var(pf_reason); 232} 233 234static void ioremap_trace_core(resource_size_t offset, unsigned long size, 235 void __iomem *addr) 236{ 237 static atomic_t next_id; 238 struct remap_trace *trace = kmalloc(sizeof(*trace), GFP_KERNEL); 239 /* These are page-unaligned. */ 240 struct mmiotrace_map map = { 241 .phys = offset, 242 .virt = (unsigned long)addr, 243 .len = size, 244 .opcode = MMIO_PROBE 245 }; 246 247 if (!trace) { 248 pr_err("kmalloc failed in ioremap\n"); 249 return; 250 } 251 252 *trace = (struct remap_trace) { 253 .probe = { 254 .addr = (unsigned long)addr, 255 .len = size, 256 .pre_handler = pre, 257 .post_handler = post, 258 .private = trace 259 }, 260 .phys = offset, 261 .id = atomic_inc_return(&next_id) 262 }; 263 map.map_id = trace->id; 264 265 spin_lock_irq(&trace_lock); 266 if (!is_enabled()) { 267 kfree(trace); 268 goto not_enabled; 269 } 270 271 mmio_trace_mapping(&map); 272 list_add_tail(&trace->list, &trace_list); 273 if (!nommiotrace) 274 register_kmmio_probe(&trace->probe); 275 276not_enabled: 277 spin_unlock_irq(&trace_lock); 278} 279 280void mmiotrace_ioremap(resource_size_t offset, unsigned long size, 281 void __iomem *addr) 282{ 283 if (!is_enabled()) /* recheck and proper locking in *_core() */ 284 return; 285 286 pr_debug("ioremap_*(0x%llx, 0x%lx) = %p\n", 287 (unsigned long long)offset, size, addr); 288 if ((filter_offset) && (offset != filter_offset)) 289 return; 290 ioremap_trace_core(offset, size, addr); 291} 292 293static void iounmap_trace_core(volatile void __iomem *addr) 294{ 295 struct mmiotrace_map map = { 296 .phys = 0, 297 .virt = (unsigned long)addr, 298 .len = 0, 299 .opcode = MMIO_UNPROBE 300 }; 301 struct remap_trace *trace; 302 struct remap_trace *tmp; 303 struct remap_trace *found_trace = NULL; 304 305 pr_debug("Unmapping %p.\n", addr); 306 307 spin_lock_irq(&trace_lock); 308 if (!is_enabled()) 309 goto not_enabled; 310 311 list_for_each_entry_safe(trace, tmp, &trace_list, list) { 312 if ((unsigned long)addr == trace->probe.addr) { 313 if (!nommiotrace) 314 unregister_kmmio_probe(&trace->probe); 315 list_del(&trace->list); 316 found_trace = trace; 317 break; 318 } 319 } 320 map.map_id = (found_trace) ? found_trace->id : -1; 321 mmio_trace_mapping(&map); 322 323not_enabled: 324 spin_unlock_irq(&trace_lock); 325 if (found_trace) { 326 synchronize_rcu(); /* unregister_kmmio_probe() requirement */ 327 kfree(found_trace); 328 } 329} 330 331void mmiotrace_iounmap(volatile void __iomem *addr) 332{ 333 might_sleep(); 334 if (is_enabled()) /* recheck and proper locking in *_core() */ 335 iounmap_trace_core(addr); 336} 337 338int mmiotrace_printk(const char *fmt, ...) 339{ 340 int ret = 0; 341 va_list args; 342 unsigned long flags; 343 va_start(args, fmt); 344 345 spin_lock_irqsave(&trace_lock, flags); 346 if (is_enabled()) 347 ret = mmio_trace_printk(fmt, args); 348 spin_unlock_irqrestore(&trace_lock, flags); 349 350 va_end(args); 351 return ret; 352} 353EXPORT_SYMBOL(mmiotrace_printk); 354 355static void clear_trace_list(void) 356{ 357 struct remap_trace *trace; 358 struct remap_trace *tmp; 359 360 /* 361 * No locking required, because the caller ensures we are in a 362 * critical section via mutex, and is_enabled() is false, 363 * i.e. nothing can traverse or modify this list. 364 * Caller also ensures is_enabled() cannot change. 365 */ 366 list_for_each_entry(trace, &trace_list, list) { 367 pr_notice("purging non-iounmapped trace @0x%08lx, size 0x%lx.\n", 368 trace->probe.addr, trace->probe.len); 369 if (!nommiotrace) 370 unregister_kmmio_probe(&trace->probe); 371 } 372 synchronize_rcu(); /* unregister_kmmio_probe() requirement */ 373 374 list_for_each_entry_safe(trace, tmp, &trace_list, list) { 375 list_del(&trace->list); 376 kfree(trace); 377 } 378} 379 380#ifdef CONFIG_HOTPLUG_CPU 381static cpumask_var_t downed_cpus; 382 383static void enter_uniprocessor(void) 384{ 385 int cpu; 386 int err; 387 388 if (downed_cpus == NULL && 389 !alloc_cpumask_var(&downed_cpus, GFP_KERNEL)) { 390 pr_notice("Failed to allocate mask\n"); 391 goto out; 392 } 393 394 get_online_cpus(); 395 cpumask_copy(downed_cpus, cpu_online_mask); 396 cpumask_clear_cpu(cpumask_first(cpu_online_mask), downed_cpus); 397 if (num_online_cpus() > 1) 398 pr_notice("Disabling non-boot CPUs...\n"); 399 put_online_cpus(); 400 401 for_each_cpu(cpu, downed_cpus) { 402 err = cpu_down(cpu); 403 if (!err) 404 pr_info("CPU%d is down.\n", cpu); 405 else 406 pr_err("Error taking CPU%d down: %d\n", cpu, err); 407 } 408out: 409 if (num_online_cpus() > 1) 410 pr_warning("multiple CPUs still online, may miss events.\n"); 411} 412 413static void leave_uniprocessor(void) 414{ 415 int cpu; 416 int err; 417 418 if (downed_cpus == NULL || cpumask_weight(downed_cpus) == 0) 419 return; 420 pr_notice("Re-enabling CPUs...\n"); 421 for_each_cpu(cpu, downed_cpus) { 422 err = cpu_up(cpu); 423 if (!err) 424 pr_info("enabled CPU%d.\n", cpu); 425 else 426 pr_err("cannot re-enable CPU%d: %d\n", cpu, err); 427 } 428} 429 430#else /* !CONFIG_HOTPLUG_CPU */ 431static void enter_uniprocessor(void) 432{ 433 if (num_online_cpus() > 1) 434 pr_warning("multiple CPUs are online, may miss events. " 435 "Suggest booting with maxcpus=1 kernel argument.\n"); 436} 437 438static void leave_uniprocessor(void) 439{ 440} 441#endif 442 443void enable_mmiotrace(void) 444{ 445 mutex_lock(&mmiotrace_mutex); 446 if (is_enabled()) 447 goto out; 448 449 if (nommiotrace) 450 pr_info("MMIO tracing disabled.\n"); 451 kmmio_init(); 452 enter_uniprocessor(); 453 spin_lock_irq(&trace_lock); 454 atomic_inc(&mmiotrace_enabled); 455 spin_unlock_irq(&trace_lock); 456 pr_info("enabled.\n"); 457out: 458 mutex_unlock(&mmiotrace_mutex); 459} 460 461void disable_mmiotrace(void) 462{ 463 mutex_lock(&mmiotrace_mutex); 464 if (!is_enabled()) 465 goto out; 466 467 spin_lock_irq(&trace_lock); 468 atomic_dec(&mmiotrace_enabled); 469 BUG_ON(is_enabled()); 470 spin_unlock_irq(&trace_lock); 471 472 clear_trace_list(); /* guarantees: no more kmmio callbacks */ 473 leave_uniprocessor(); 474 kmmio_cleanup(); 475 pr_info("disabled.\n"); 476out: 477 mutex_unlock(&mmiotrace_mutex); 478} 479